> browse/registry

> subfinder

Discover subdomains of a target domain using passive and active enumeration techniques. Use when tasks involve subdomain enumeration, attack surface mapping, DNS reconnaissance, finding hidden services, identifying forgotten subdomains, or expanding the scope of a security assessment. Subfinder uses passive sources (certificate transparency logs, DNS datasets, search engines) to find subdomains without touching the target directly.

> jwt-handler

When the user needs to generate, validate, refresh, or debug JSON Web Tokens. Use when the user mentions "JWT," "access token," "refresh token," "token rotation," "token expiration," "token validation," "bearer token," or "decode JWT." Handles secure token lifecycle including signing, verification, refresh rotation, and revocation. For full auth system design, see auth-system-setup.

> step-ca

Run a private certificate authority with step-ca. Use when a user asks to issue internal TLS certificates, set up mTLS between services, create a private PKI, or manage certificates for internal infrastructure.

> agent-swarm-orchestration

Coordinate multiple AI agents working together on complex tasks — routing, handoffs, consensus, memory sharing, and quality gates. Use when tasks involve building multi-agent systems, coordinating specialist agents in a pipeline, implementing agent-to-agent communication, designing swarm architectures, setting up agent orchestration frameworks, or building autonomous agent teams with supervision and quality control. Covers hierarchical, mesh, and pipeline topologies.

> linkerd

Linkerd lightweight service mesh for Kubernetes. Use when the user needs automatic mTLS, traffic splitting, retries, and observability with minimal resource overhead and operational complexity.

> letsencrypt

Get free TLS certificates with Certbot and Let's Encrypt. Use when a user asks to add HTTPS to a website, get a free SSL certificate, auto-renew certificates, or secure a web server with TLS.

> consul

HashiCorp Consul for service discovery, health checking, and service mesh. Use when the user needs to register services, perform health checks, store configuration in the KV store, or set up Connect for secure service-to-service communication.

> nomad

HashiCorp Nomad workload orchestrator for deploying containers, VMs, and standalone applications. Use when the user needs to write job specifications, manage deployments, configure scaling, or run batch and service workloads across a cluster.

> cosign

Expert guidance for Cosign, the Sigstore tool for signing, verifying, and attaching metadata to container images and other OCI artifacts. Helps developers implement supply chain security by signing images in CI/CD, verifying signatures before deployment, and attaching SBOMs and vulnerability scan results as attestations.

> load-balancer

Configure and optimize load balancers and reverse proxies using Nginx, HAProxy, and cloud ALBs. Use when someone asks to "set up load balancing", "configure Nginx reverse proxy", "set up HAProxy", "add SSL termination", "configure health checks", "proxy WebSocket connections", "rate limit traffic", or "set up failover". Covers L4/L7 balancing, SSL, rate limiting, caching, WebSocket proxying, and health checks.

> restic

Back up and restore data with Restic. Use when a user asks to set up backups, create encrypted backups, back up to S3 or cloud storage, implement a backup strategy, restore files from backup, deduplicate backup storage, schedule automated backups, back up databases or servers, or set up offsite backups. Covers repository initialization, backup/restore operations, snapshot management, pruning, encryption, and multiple storage backends (local, S3, SFTP, B2, Azure, GCS).

> opentofu

You are an expert in OpenTofu, the open-source fork of Terraform maintained by the Linux Foundation. You help developers and platform teams provision cloud infrastructure using HCL (HashiCorp Configuration Language), with full compatibility with existing Terraform modules, state files, and providers — plus new features like client-side state encryption, OCI registry support, and removed BSL license restrictions.

> aws-cloudfront

Configure Amazon CloudFront for global content delivery. Set up distributions with S3 and ALB origins, define cache behaviors and TTLs, invalidate cached content, and use Lambda@Edge for request/response manipulation at the edge.

> gcp-cloud-run

Deploy serverless containers on Google Cloud Run. Build and push container images, configure auto-scaling from zero, split traffic between revisions for canary deployments, and set up custom domains with managed TLS.

> istio

Istio service mesh for Kubernetes traffic management, security, and observability. Use when the user needs to configure traffic routing, mTLS, circuit breaking, fault injection, or observability for microservices.

> jest

Jest is a comprehensive JavaScript testing framework built by Meta, designed for zero-configuration testing of JavaScript and TypeScript applications. It provides a complete ecosystem for unit testing, integration testing, and snapshot testing with built-in code coverage, mocking capabilities, and parallel test execution. Jest works seamlessly with React, Node.js, Angular, Vue, and virtually any JavaScript project, making it the most widely adopted testing framework in the ecosystem.

> nginx

Assists with configuring Nginx as a web server, reverse proxy, and load balancer. Use when serving static files, proxying to application servers, setting up TLS termination, configuring caching, rate limiting, or writing security headers. Trigger words: nginx, reverse proxy, load balancer, tls, ssl, server block, location block.

> openvpn

Deploy and manage OpenVPN servers and clients. Use when a user asks to set up a VPN server, create client certificates, configure site-to-site tunnels, set up split tunneling, manage PKI with EasyRSA, harden OpenVPN security, automate client provisioning, configure routing and NAT, set up MFA for VPN, monitor connected clients, or troubleshoot VPN connectivity. Covers server deployment, PKI management, client configuration, and production hardening.

> packer

HashiCorp Packer for building automated machine images. Use when the user needs to create AMIs, Docker images, or GCP images using HCL templates with provisioners for consistent, reproducible infrastructure images.

> postgresql

Assists with designing schemas, writing performant queries, managing indexes, and operating PostgreSQL databases. Use when working with JSONB, full-text search, window functions, CTEs, row-level security, replication, or performance tuning. Trigger words: postgresql, postgres, sql, database, jsonb, rls, window functions, cte.